US20150310192A1 - Method for protecting a computer program product, computer program product and computer-readable storage medium - Google Patents
Method for protecting a computer program product, computer program product and computer-readable storage medium
- Publication number: US20150310192A1
- Application number: US14/411,086
- Authority: US (United States)
- Prior art keywords: computer program, program product, operating environment, operating parameter, operating
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering

- G06F2221/0775—
Definitions
- In a first act S1, at least one operating parameter 15-1-15-5 that is defined outside an operating environment 2, 3 is recorded for the operating environment 2, 3 in which the computer program product 1 is executed.
- A second act S2 also provides for the recorded operating parameters 15-1-15-5 to be compared with a comparison value stored for the respective operating parameter 15-1-15-5.
- The stored comparison values for the operating parameters 15-1-15-5 are the values that are recorded and stored in that operating environment 2, 3 in which the computer program product 1 was originally installed or for which the computer program product was originally licensed.
- In a third act S3, a warning signal 17 is output if a number of comparison results indicating execution of the computer program product 1 in another operating environment 2, 3 exceeds a predefined threshold value.
- The execution of the computer program product 1 may also be prevented.
- Execution in another operating environment 2, 3 refers to the execution of the computer program product 1 in an operating environment 2, 3 in which the computer program product 1 was not originally installed and/or for which the comparison values were not stored.
- A method in accordance with the present teachings may also be carried out using a computer program product 1 as a module of a further computer program product.
- The computer program product 1 may be used to monitor and control the execution of the further computer program product.
- A license key for the computer program product 1 may be queried when a move of the operating environment 2, 3 is recognized.
- The license key facilitates reactivation of the computer program product.
- The operating environment of a computer program product may change. Therefore, in accordance with the present teachings, the operating parameters 15-1-15-5 of the operating environment 2, 3 may be selected such that a change in the operating parameters 15-1-15-5 reliably indicates whether or not the computer program product 1 is executed in that operating environment 2, 3 in which the computer program product 1 was originally installed.
- The recognition accuracy may be modified by changing the number of operating parameters 15-1-15-5 used and by changing the predefined threshold value.
- The operating parameters 15-1-15-5 defined outside an operating environment 2, 3 may be different operating parameters 15-1-15-5 that may be recorded using, for example, network interfaces.
- Operating parameters include the following: a subnet mask; predefined addresses of predefined systems (e.g., printers or the like) in the data network 4; a DNS server address; an address of a standard gateway; reachable neighboring systems 5, 6 in the data network 4; reachable SNMP devices; at least part of a network route to known Internet servers 7; a data transmission time to known Internet servers 7; and source addresses of ARP requests.
- Comparison values and/or ranges of values and/or Boolean values defined for comparing S2 the respective operating parameters 15-1-15-5 may be predefined for the multiplicity of operating parameters 15-1-15-5.
- Comparison values defined for network addresses may be stored.
- A range of values may be stored since the data transmission time is also dependent on the instantaneous load situation of the data network 4 and the load situation of the Internet or the called Internet server 7.
- Tolerance ranges, thresholds, or variances may also be stated for changes in individual operating parameters 15-1-15-5.
- The threshold value may be set based on the desired recognition rate. A trade-off is made between how quickly a move is to be recognized and how often false recognitions may be tolerated.
- A weighting is allocated to each of the operating parameters 15-1-15-5.
- The number of comparisons is calculated using a weighted sum based on the respectively allocated weighting, thereby facilitating adaptation of the method to different boundary conditions.
- FIG. 2 shows two tables with examples of network routes to the wikipedia.de server in accordance with the present teachings.
- The tables were recorded using the “traceroute” program that records and outputs the route from the executing computer to the target system.
- The table entries 2, 3 and 4 in the two tables are not identical.
- Different computer systems forward the request until the request continues on a common route at entry 5 (upper table) and entry 4 (lower table).
- Differences in the first systems according to the subnetwork 4 in which the operating environment 2, 3 of the computer program product 1 is arranged indicate a move of the operating environment 2, 3.
- FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters 15-1-15-5 in accordance with the present teachings.
- The operating parameter 15-1 is the ping time to a Google server.
- The operating parameter 15-2 is the number of matches during a traceroute run.
- The operating parameter 15-3 is a comparison of its own IP address.
- The operating parameter 15-4 is a source address of ARP requests.
- The operating parameter 15-5 is the number of neighboring systems in the data network 4 that may be reached by UDP protocol at certain port numbers.
- A range of between 90 ms and 180 ms is specified for the operating parameter 15-1. Therefore, if a ping time to a Google server is between 90 ms and 180 ms, a move is not assumed.
- A range of between 5 and 7 is specified for the operating parameter 15-2. Therefore, if the number of matches during a traceroute run is below 5, a move is assumed.
- A comparison is carried out for the operating parameters 15-3 and 15-4 to determine whether the operating parameters 15-3 and 15-4 correspond to the stored values.
- A range of between 2 and 4 is specified for the operating parameter 15-5.
- A different number of operating parameters 15-1-15-5 may be included in the set of operating parameters 15-1-15-5.
- Different comparison values, ranges, or the like may be specified.
- FIG. 4 shows a block diagram of an example of an operating environment 2, 3 of an exemplary computer program product 1 in accordance with the present teachings.
- FIG. 4 shows an example of an operating environment 2 having a network interface 8 that may be, for example, a computer server.
- A virtual operating environment 3 having a virtual network interface 9 is shown inside the operating environment 2.
- The virtual operating environment 3 may be, for example, a virtual PC that is executed as a computer program on the server 2.
- The computer program product 1 in accordance with the present teachings is installed in the virtual PC 3.
- The computer program product is designed to communicate via the virtual network interface 9 that is coupled to the actual network interface 8 of the computer server 2.
- The actual network interface 8 is coupled to a data network 4 having an additional first computer system 5 and a second computer system 6 that are coupled to the data network 4.
- The data network 4 is also coupled to a standard gateway 10 that is configured to couple the data network 4 to the Internet 11.
- An Internet server 7 (e.g., the wikipedia.de server) is coupled to the Internet.
- The additional first computer system 5 and the second computer system 6 may be recognized and stored, for example.
- The address of the standard gateway 10 may also be stored.
- The route and the ping time to the wikipedia.de server 7 may be stored.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
- This application is the National Stage of International Application No. PCT/EP2013/059213, filed May 3, 2013, which claims the benefit of German Patent Application No. DE 102012210747.9, filed Jun. 25, 2012. The entire contents of both documents are hereby incorporated herein by reference.
- The present teachings relate generally to a method for protecting a computer program product, a computer program product, and a computer-readable storage medium.
- Software manufacturers lose large amounts of money every year due to the illegal use of unlicensed software. Therefore, the protection of computer programs from unauthorized use is important in software development.
- Conventional methods for protecting computer programs from unauthorized use provide, for example, a hardware apparatus (e.g., a dongle) that is used to protect a computer program from unauthorized execution. For example, the dongle may be a memory that stores a license key. This license key may then be read from the memory by the respective computer program (e.g., during starting of the computer program) and may be checked.
- A dongle may be designed to carry out cryptographic functions. For example, a dongle may carry out a “challenge-response” method in combination with a respective computer program.
- However, the use of a dongle involves dongle hardware and access to a connection of the respective computer.
- Protection methods implemented in software may also be used to protect computer programs. Such methods may be based on monitoring characteristic data relating to the computer system on which the respective computer program is executed.
- For example, during installation, a computer program may store the identifier of the processor (e.g., the CPU ID) of the computer on which the computer program is installed. During each system start, the computer program may then check whether the processor of the computer on which the computer program is executed is the processor identified by the computer program during installation. Additional characteristic data relating to the computer that facilitate identification may also be used.
- However, the use of characteristic data relating to the computer system on which a computer program is executed is problematic when the computer program is executed in a “virtual machine” (e.g., a virtual computer system). The virtual machine may allow the characteristic data to be manipulated or feigned. Furthermore, an image of a virtual machine may be readily copied after the computer program has been installed.
- The scope of the present invention is defined solely by the appended claims, and is not affected to any degree by the statements within this summary.
- The present embodiments may obviate one or more of the drawbacks or limitations in the related art. For example, in some embodiments, improved protection of computer program products is provided.
- A method for protecting a computer program product operated in a virtual operating environment is provided that includes the following acts: recording at least one operating parameter for the operating environment in which the computer program product is executed, the operating parameter being defined outside the operating environment; comparing the recorded operating parameters with a comparison value stored for the respective operating parameter; and outputting a warning signal if a number of comparison results exceeds a predefined threshold value, the comparison results indicating an execution of the computer program product in an operating environment other than that in which the comparison values were recorded.
- A computer program product is provided that includes computer instructions for carrying out a method in accordance with the present teachings.
- A computer-readable storage medium includes a computer program product in accordance with the present teachings.
- In accordance with the present teachings, operating parameters of the respective operating environment may be manipulated with the aid of virtual operating environments. As a result, a method is provided for recognizing whether a computer program product is operated in the operating environment in which the computer program product was originally installed.
- At least one operating parameter that is defined outside the operating environment may be recorded. The recorded operating parameters are compared with comparison values recorded for the respective operating parameters.
- The stored operating parameters may be stored, for example, when installing the computer program product inside the respective operating environment.
- For each operating parameter, the comparison with the stored operating parameters indicates whether a computer program product is operated in the operating environment in which the stored operating parameters were recorded, or whether the corresponding computer program product is operated in an operating environment that is different than the operating environment in which the stored operating parameters were recorded.
- A warning signal is output if the number of comparisons indicating that the corresponding computer program product is being operated in an operating environment that is different than the operating environment in which the stored operating parameters were recorded exceeds a threshold value.
- Thus, the operation of a computer program product may be monitored even when the computer program product is operated in a virtualized operating environment.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes a subnet mask and/or predefined addresses of predefined systems of a data network coupled to the operating environment. The subnet mask may be a fixed variable in a data network. A change in the subnet mask may indicate a potential move of the computer program product to a new operating environment.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes a DNS server address. Like the subnet mask in a data network, the address of the DNS server may be constant and, therefore, may effectively contribute to recognizing a move of the computer program product.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes neighboring systems that may be reached by the computer program product in the data network. Permanently installed computer systems may be used in data networks belonging, for example, to companies. A change in the neighboring systems that may be reached by the computer program may likewise indicate a move of the computer program product to another operating environment.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes SNMP devices that may be reached by the computer program product. A change in the SNMP devices that may be reached by the computer program likewise indicates a move of the computer program product to another operating environment.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes at least part of a network route to known Internet servers. If a computer program transmits a request to an Internet server, the request may run through an internal network belonging to a company or to an Internet provider until the request is fed into the actual Internet. Therefore, a change in at least the internal part of the network route may indicate a move of the computer program to a new operating environment.
- In some embodiments, the at least one operating parameter defined outside an operating environment includes a data transmission time (e.g., PING time) to known Internet servers. Although the data transmission time is not a constant, the data transmission time may change within a certain fluctuation range in the event of a request to a known server. Therefore, a drastic deviation of the data transmission time from a known value for the data transmission time may indicate a move of the computer program product to a new operating environment.
- In some embodiments, the respective operating parameter is compared with a defined comparison value and/or with a range of values and/or with a Boolean value during comparison. This comparison may provide suitable options for each operating parameter. For example, addresses such as the subnet mask or the address of the DNS server may be compared with a stored address value. When comparing the data transmission time, a check may be carried out, for example, to determine whether the data transmission time is in a data transmission time range. The data transmission time range may be formed, for example, from the corresponding past data transmission times.
- In some embodiments, each of the operating parameters is allocated a weighting, and the number of comparisons is calculated using a weighted sum calculated based on the allocated weighting. As a result, a higher priority may be allocated to certain parameters when determining a move.
- In some embodiments, the starting of the computer program product may be prevented in addition to outputting the warning signal, thereby providing effective copy protection.
- In some embodiments, a license key may be queried in addition to outputting the warning signal. Despite the recognition of a move of the computer program product, the computer program product may be reactivated.
- In some embodiments, the computer program product is in the form of a library and/or a program module of a further computer program product. For example, the computer program product may be integrated in further computer program products as a copy protection mechanism. In some embodiments, a computer program product in accordance with the present teachings may prevent the execution of the further computer program products.
- The above refinements and developments may be combined in any desired manner. Additional refinements, developments, and implementations of the present teachings include combinations of features described herein with respect to exemplary embodiments although the combinations themselves may not be explicitly described.
-
FIG. 1 shows a flowchart of an example of a method in accordance with the present teachings. -
FIG. 2 shows two tables with examples of network routes to the wikipedia.de server. -
FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters. -
FIG. 4 shows a block diagram of an example of an operating environment of an exemplary computer program product in accordance with the present teachings. - In the drawing figures, identical or functionally identical elements and apparatuses have been provided with the same reference symbols unless otherwise indicated.
-
FIG. 1 shows a flowchart of an example of a method in accordance with the present teachings.
- In a first act S1, at least one operating parameter 15-1-15-5 that is defined outside an operating environment environment computer program product 1 is executed.
- A second act S2 also provides for the recorded operating parameters 15-1-15-5 to be compared with a comparison value stored for the respective operating parameter 15-1-15-5. The stored comparison values for the operating parameters 15-1-15-5 are the values that are recorded and stored in that operating environment computer program product 1 was originally installed or for which the computer program product was originally licensed.
- In a third act S3, a warning signal 17 is output if a number of comparison results indicating execution of the computer program product 1 in another operating environment computer program product 1 may also be prevented. As used herein, execution in another operating environment computer program product 1 in an operating environment computer program product 1 was not originally installed and/or for which the comparison values were not stored.
- A method in accordance with the present teachings may also be carried out using a computer program product 1 as a module of a further computer program product. The computer program product 1 may be used to monitor and control the execution of the further computer program product.
- In some embodiments, a license key for the computer program product 1 may be queried when a move of the operating environment
- In computer-based operating environments (e.g., data networks and computing centers), the operating environment of a computer program product may change. Therefore, in accordance with the present teachings, the operating parameters 15-1-15-5 of the operating environment computer program product 1 is executed in that operating environment computer program product 1 was originally installed. The recognition accuracy may be modified by changing the number of operating parameters 15-1-15-5 used and by changing the predefined threshold value.
- The operating parameters 15-1-15-5 defined outside an operating environment
- Operating parameters that may be used include the following: a subnet mask; predefined addresses of predefined systems (e.g., printers or the like) in the data network 4; a DNS server address; an address of a standard gateway; reachable neighboring systems 5, 6 in the data network 4; reachable SNMP devices; at least part of a network route to known Internet servers 7; a data transmission time to known Internet servers 7; and source addresses of ARP requests.
- Comparison values and/or ranges of values and/or Boolean values defined for comparing S2 the respective operating parameters 15-1-15-5 may be predefined for the multiplicity of operating parameters 15-1-15-5.
- For example, comparison values defined for network addresses may be stored. For a data transmission time, a range of values may be stored since the data transmission time is also dependent on the instantaneous load situation of the data network 4 and the load situation of the Internet or the called Internet server 7. In some embodiments, tolerance ranges, thresholds, or variances may also be stated for changes in individual operating parameters 15-1-15-5.
- The threshold value may be set based on the desired recognition rate. A trade-off is made between how quickly a move is to be recognized and how often false recognitions may be tolerated.
- In some embodiments, a weighting is allocated to each of the operating parameters 15-1-15-5. The number of comparisons is calculated using a weighted sum based on the respectively allocated weighting, thereby facilitating adaptation of the method to different boundary conditions.
FIG. 2 shows two tables with examples of network routes to the wikipedia.de server in accordance with the present teachings. The tables were recorded using the “traceroute” program that records and outputs the route from the executing computer to the target system.
- As shown in FIG. 2, the table entries operating environment computer program product 1 is arranged, different computer systems forward the request until the request continues on a common route at entry 5 (upper table) and entry 4 (lower table).
- For example, differences in the first systems according to the subnetwork 4 in which the operating environment computer program product 1 is arranged indicate a move of the operating environment
FIG. 3 shows a schematic illustration of an example of a plurality of operating parameters 15-1-15-5 in accordance with the present teachings.
- The operating parameter 15-1 is the ping time to a Google server. The operating parameter 15-2 is the number of matches during a traceroute run. The operating parameter 15-3 is a comparison of its own IP address. The operating parameter 15-4 is a source address of ARP requests. The operating parameter 15-5 is the number of neighboring systems in the data network 4 that may be reached by UDP protocol at certain port numbers.
- A range of between 90 ms and 180 ms is specified for the operating parameter 15-1. Therefore, if a ping time to a Google server is between 90 ms and 180 ms, a move is not assumed.
- A range of between 5 and 7 is specified for the operating parameter 15-2. Therefore, if the number of matches during a traceroute run is below 5, a move is assumed.
- A comparison is carried out for the operating parameters 15-3 and 15-4 to determine whether the operating parameters 15-3 and 15-4 correspond to the stored values.
- A range of between 2 and 4 is specified for the operating parameter 15-5.
- In other embodiments, a different number of operating parameters 15-1-15-5 may be included in the set of operating parameters 15-1-15-5. In addition, different comparison values, ranges, or the like may be specified.
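The five FIG. 3 operating parameters evaluated with the weighted sum and threshold described above, as an added Python example (not code from the patent). The weights, the threshold of 2.0, the `>=` comparison, the set-intersection route metric and all addresses are assumptions or constructed values; only the three ranges come from the text.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


def in_range(low: float, high: float) -> Callable[[Optional[float]], bool]:
    """Stored range of values, for readings that vary with network load."""
    return lambda value: value is not None and low <= value <= high


def equals(stored: str) -> Callable[[Optional[str]], bool]:
    """Stored single comparison value, for addresses."""
    return lambda value: value == stored


def route_matches(stored: List[str], current: List[str]) -> int:
    """Hops of the current route that also occur in the stored route (assumed metric)."""
    return len(set(stored) & set(current))


@dataclass(frozen=True)
class Parameter:
    name: str
    fits: Callable  # True when the reading agrees with the stored comparison value
    weight: float   # assumed weighting; the page gives no figures


# Ranges are the ones given for FIG. 3; addresses are constructed documentation values.
PARAMETERS = [
    Parameter("ping_ms", in_range(90, 180), 0.5),        # 15-1
    Parameter("route_matches", in_range(5, 7), 1.5),     # 15-2
    Parameter("own_ip", equals("192.0.2.10"), 1.0),      # 15-3
    Parameter("arp_source", equals("192.0.2.1"), 1.0),   # 15-4
    Parameter("udp_neighbors", in_range(2, 4), 1.0),     # 15-5
]
THRESHOLD = 2.0  # assumed; raise it to tolerate more drift, lower it to react sooner


def evaluate(readings: Dict[str, object]) -> Tuple[float, List[str], bool]:
    """Return (weighted mismatch score, mismatching parameters, warning flag).

    A reading that is absent (probe failed) counts as a mismatch.
    """
    mismatched = [p for p in PARAMETERS if not p.fits(readings.get(p.name))]
    score = sum(p.weight for p in mismatched)
    return score, [p.name for p in mismatched], score >= THRESHOLD


# Constructed sample readings.
STORED_ROUTE = [f"198.51.100.{hop}" for hop in range(1, 8)]
MOVED_ROUTE = ["203.0.113.1", "203.0.113.2", "203.0.113.3"] + STORED_ROUTE[4:]
ORIGINAL = {"ping_ms": 120, "route_matches": route_matches(STORED_ROUTE, STORED_ROUTE),
            "own_ip": "192.0.2.10", "arp_source": "192.0.2.1", "udp_neighbors": 3}
BUSY = dict(ORIGINAL, ping_ms=240)  # same environment, loaded network
MOVED = {"ping_ms": 130, "route_matches": route_matches(STORED_ROUTE, MOVED_ROUTE),
         "own_ip": "203.0.113.25", "arp_source": "203.0.113.1", "udp_neighbors": 0}

if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("busy", BUSY), ("moved", MOVED)):
        print(label, evaluate(sample))
```

In the `BUSY` sample a ping outside 90-180 ms alone stays below the threshold, while in `MOVED` the ping is still in range and the address, route and neighbor mismatches raise the warning.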
FIG. 4 shows a block diagram of an example of an operating environment computer program product 1 in accordance with the present teachings.
- FIG. 4 shows an example of an operating environment 2 having a network interface 8 that may be, for example, a computer server. A virtual operating environment 3 having a virtual network interface 9 is shown inside the operating environment 2. The virtual operating environment 3 may be, for example, a virtual PC that is executed as a computer program on the server 2. The computer program product 1 in accordance with the present teachings is installed in the virtual PC 3. The computer program product is designed to communicate via the virtual network interface 9 that is coupled to the actual network interface 8 of the computer server 2.
- The actual network interface 8 is coupled to a data network 4 having an additional first computer system 5 and a second computer system 6 that are coupled to the data network 4. The data network 4 is also coupled to a standard gateway 10 that is configured to couple the data network 4 to the Internet 11. An Internet server 7 (e.g., the wikipedia.de server) is coupled to the Internet.
- If the method in accordance with the present teachings or the computer program product 1 in accordance with the present teachings is executed in the illustrated operating environment 2, the additional first computer system 5 and the second computer system 6 may be recognized and stored, for example. The address of the standard gateway 10 may also be stored. In addition, the route and the ping time to the wikipedia.de server 7 may be stored.
- If the virtual operating environment 3 were moved to another computer server 3 in another computer network, the above-described parameters would be likely to change and the move would be detectable.
- While the present invention has been described above by reference to various embodiments, it should be understood that many changes and modifications may be made to the described embodiments. It is therefore intended that the foregoing description be regarded as illustrative rather than limiting, and that it be understood that all equivalents and/or combinations of embodiments are intended to be included in this description.
- It is to be understood that the elements and features recited in the appended claims may be combined in different ways to produce new claims that likewise fall within the scope of the present invention. Thus, whereas the dependent claims appended below depend from only a single independent or dependent claim, it is to be understood that these dependent claims may, alternatively, be made to depend in the alternative from any preceding claim—whether independent or dependent—and that such new combinations are to be understood as forming a part of the present specification.
Claims (20)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102012210747.9A DE102012210747A1 (en) | 2012-06-25 | 2012-06-25 | PROCESS FOR PROTECTING A COMPUTER PROGRAM PRODUCT, COMPUTER PROGRAM PRODUCT, AND COMPUTER READABLE STORAGE MEDIUM |
DE102012210747 | 2012-06-25 | ||
DE102012210747.9 | 2012-06-25 | ||
PCT/EP2013/059213 WO2014000927A1 (en) | 2012-06-25 | 2013-05-03 | Method for protecting a computer program product, computer program product and computer-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
US20150310192A1 (en) | 2015-10-29 |
US10268807B2 (en) | 2019-04-23 |
Family
ID=48463950
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/411,086 Expired - Fee Related US10268807B2 (en) | 2012-06-25 | 2013-05-03 | Method for protecting a computer program product, computer program product and computer-readable storage medium |
Country Status (6)
Country | Link |
---|---|
US (1) | US10268807B2 (en) |
EP (1) | EP2829038B1 (en) |
KR (1) | KR102131175B1 (en) |
CN (1) | CN104620553B (en) |
DE (1) | DE102012210747A1 (en) |
WO (1) | WO2014000927A1 (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1224788B1 (en) * | 1999-10-22 | 2004-06-23 | Nomadix, Inc. | Location-based identification for use in a communications network |
US20040203648A1 (en) * | 2002-07-22 | 2004-10-14 | At&T Wireless Services, Inc. | Methods and apparatus for formatting information for a communication |
US20070027815A1 (en) * | 2005-07-29 | 2007-02-01 | Symantec Corporation | Systems and methods for centralized subscription and license management in a small networking environment |
US20090245122A1 (en) * | 2003-01-23 | 2009-10-01 | Maiocco James N | System and method for monitoring global network performance |
US20090328225A1 (en) * | 2007-05-16 | 2009-12-31 | Vmware, Inc. | System and Methods for Enforcing Software License Compliance with Virtual Machines |
US20100305989A1 (en) * | 2009-05-27 | 2010-12-02 | Ruicao Mu | Method for fingerprinting and identifying internet users |
US20120011241A1 (en) * | 2008-02-22 | 2012-01-12 | Etchegoyen Craig S | License auditing of software usage by associating software activations with device identifiers |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2145068A1 (en) * | 1992-09-21 | 1994-03-31 | Ric Bailier Richardson | System for software registration |
US7359882B2 (en) | 2001-05-11 | 2008-04-15 | Bea Systems, Inc. | Distributed run-time licensing |
US8230058B2 (en) | 2004-03-29 | 2012-07-24 | Verizon Business Global Llc | Health reporting mechanism for inter-network gateway |
US8370416B2 (en) | 2006-04-26 | 2013-02-05 | Hewlett-Packard Development Company, L.P. | Compatibility enforcement in clustered computing systems |
CN101201883B (en) | 2007-09-18 | 2010-04-14 | 北京赛柏科技有限责任公司 | Software protection method based on virtual machine |
US8205241B2 (en) | 2008-01-30 | 2012-06-19 | Microsoft Corporation | Detection of hardware-based virtual machine environment |
US20100333213A1 (en) | 2009-06-24 | 2010-12-30 | Craig Stephen Etchegoyen | Systems and Methods for Determining Authorization to Operate Licensed Software Based on a Client Device Fingerprint |
US20110296429A1 (en) * | 2010-06-01 | 2011-12-01 | International Business Machines Corporation | System and method for management of license entitlements in a virtualized environment |
2012
- 2012-06-25 DE DE102012210747.9A patent/DE102012210747A1/en not_active Ceased
2013
- 2013-05-03 EP EP13723447.2A patent/EP2829038B1/en active Active
- 2013-05-03 KR KR1020157001958A patent/KR102131175B1/en active IP Right Grant
- 2013-05-03 CN CN201380033862.8A patent/CN104620553B/en not_active Expired - Fee Related
- 2013-05-03 US US14/411,086 patent/US10268807B2/en not_active Expired - Fee Related
- 2013-05-03 WO PCT/EP2013/059213 patent/WO2014000927A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
EP2829038B1 (en) | 2016-03-02 |
EP2829038A1 (en) | 2015-01-28 |
US10268807B2 (en) | 2019-04-23 |
KR20150033684A (en) | 2015-04-01 |
KR102131175B1 (en) | 2020-07-07 |
CN104620553B (en) | 2018-03-13 |
DE102012210747A1 (en) | 2014-01-02 |
CN104620553A (en) | 2015-05-13 |
WO2014000927A1 (en) | 2014-01-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: SIEMENS AKTIENGESELLSCHAFT, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BARTHOLDT, JOERG;DIPPL, SEBASTIAN;REEL/FRAME:035951/0580 Effective date: 20141024 |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
 | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20230423 |